5G-ENSURE 2nd International Workshop: From Research to Standardisation

Takeaways from the 5G-ENSURE 2nd International Workshop: From Research to Standardisation during ETSI Security Week, Friday 16 June 2017

The 5G-ENSURE 2nd International workshop was an opportunity to share the 5G-ENSURE security vision and showcase achievements to date, including on-going standardisation work to over 60 participants, spanning standards representatives, device and infrastructure manufacturers, network operators and SMEs.

5G Security Standardisation

Future priorities and collaborative work were also among the discussion topics, taking stock of 5G-ENSURE results so far and ensuring the transfer of relevant research results into the standardisation process. The presentation by Anand Prasad, chairman of 3GPP SA3, was very insightful in this respect. In reporting the updated timeline for 5G security standardisation work, Dr Prasad also gave the view of 3GPP SA3 work and its approach to security areas in next-generation networks.

There is a match between the security areas covered by 5G-ENSURE and 3GPP SA3 work on 5G security. This means great opportunities for 5G-ENSURE to contribute. Architectural aspects of Next Generation Security, Authentication, RAN Security, Network Slicing security and Subscription Privacy are the areas where 5G-ENSURE can contribute within 3GPP SA3, Anand Prasad, chairman of 3GPP SA3.

  • In this context, Paolo De Lutiis from TIM showed the 5G-ENSURE Standardisation Plan and the approach taken by the project in the area of 5G security standardisation.
  • 5G-ENSURE has elaborated and presented over 30 direct contributions focusing on issues and solutions related to privacy. The plan is to build on this with contributions to the security architecture. Within the ETSI umbrella, TC CYBER is also seen as relevant for privacy aspects, and 5G-ENSURE has also provided contributions to this group.
  • 5G-ENSURE Open Consultation is open until mid-October to collect views on security from a range of 5G stakeholders, from operators and vendors, vertical industries, R&I projects, policy makers and regulators.

International Panel on the way forward for 5G security and related standardisation

Charles Brookson, Chair ETSI TC CYBER; Roberto Cascella, Senior Policy Officer at the European Cyber Security Organisation (ECSO), Jovan Golic, Lead NGMN Security Competence Team, Telecom Italia and Anand Prasad, Chairman 3GPP SA3. Moderated by Pascal Bisson, technical coordinator of 5G-ENSURE project, panellists discussed priority actions towards security research on 5G network.

  • More work needs to be done in standardisation on slicing, IoT security aspects and virtualisation.
  • The security of the data lifecycle needs a lot of attention in the context of 5G. Security relays on digital infrastructure, network and computers and also data. Big data is driving the economy of new applications but they are the most critical. In the lifecycle of data, 4 stages are relevant: data collection, data transmission, data storage and sharing, and data processing. Data collection very much relates to user’s control on privacy in terms of user consent. The research is there but improvements are needed. Data storage and sharing can use encryption but there is the problem of key management. Sophisticated encryption mechanisms like searchable encryption and Attribute Base Encryption for data sharing are available. Data processing basically the computing processing runs the data so it should be trusted. To protect data, enhanced techniques like homorphic encryption and fully homorphic encryption are needed. This is where more work is required in terms of techniques to process or elaborate encrypted data, to not having to trust the server with regard to the confidentiality of data.
  • Most of the relevant 5G security topics, like trust, risks, liability and data, were covered during the workshop. Applications are another important thing to consider for the 5G enablers. Investigations are needed into what will be provided by the application layer, understanding also the impacts in terms of data with regard to privacy, authentication and protection against potential Denial of Service (DoS) because the application does not function as it should. This calls for a cross layer investigation in terms of what is provided at the application layer that affect security at the lower layer.
  • Several projects in Phase 2 of the 5G PPP are expected to address currently missing solutions for physical security. There are big issues around data and the need for data protection techniques. Work is necessary to speed up standards for data protection techniques and to ensure secure data access. However, encrypting everything in the network will not work very well. How do we give quality of services if everything is encrypted?

Finally, the workshop was an excellent opportunity to take forward on-going discussions with the National Institute of Standards and Technology (NIST), with Nelson Hastings from the Computer Security Division in attendance. One of the follow-up actions is a webinar on Release 2 of the 5G-ENSURE Security Enablers of interest to NIST, to be organised in late July 2017.

5G-ENSURE extends its thanks to NIST, our Advisory Board members, ETSI, who kindly hosted the workshop, and to all participants, for making the event such a success.

All 5G-ENSURE presentations are available online